I mostly work with the cloud version of the product. Based on my customers' experience, they mostly use Microsoft Azure. My customers utilize a hybrid cloud setup where we use on-premises and cloud solutions because we have air-gapped customers who have no other option than to use on-premises. The customers who have cloud access and are open to using cloud solutions are using Tenable One, which is a cloud-based solution.
Nessus (BYOL)
Tenable, Inc.External reviews
321 reviews
from
and
External reviews are not included in the AWS star rating for the product.
User-Friendly Vulnerability Scanner
What do you like best about the product?
We use Tenable Nessus as our business vulnerability scanner, and appreciate its ability to scan our VLANs, report CVEs, and suggest remediation. We like that Nessus helps us stay compliant with CIS18 and ensures we aren't missing any "invisible" problems on our network. What stands out is its more user-friendly interface compared to other scanners we've used, and we find it convenient that it doesn't force us to create our own reporting.
What do you dislike about the product?
We would love even more customization in the UI. The ability to download additional reports, create new views, etc would be great.
What problems is the product solving and how is that benefiting you?
We use Tenable Nessus as a business vulnerability scanner to scan VLANs, report CVEs, and suggest remediation. It helps us stay compliant with CIS18 and uncovers invisible network problems.
Accurate, Fast Vulnerability Scanning You Can Rely On
What do you like best about the product?
Accurate, fast vulnerability scanning tool
What do you dislike about the product?
Limited automation, not very comprehensive reporting
What problems is the product solving and how is that benefiting you?
Finds vulnerability fast, thereby reducing risk and exposure
Hybrid deployments have strengthened vulnerability visibility and streamlined security reporting
What is our primary use case?
What is most valuable?
I would not personally speak to what I like about Tenable Nessus, because I think the only reason many customers are using it is because it is well-known and they have received directives from their companies or mother companies. For me, the key value is the ease of use and integration with SIEMs because it has built-in integrations with IBM QRadar and others. Tenable Nessus is typically a widely integrated tool within the existing security ecosystem. It is part of the security policy that customers have implemented, so it does provide positive impact and is beneficial to use Tenable Nessus.
What needs improvement?
I would not personally speak to what other features I would like to see in future updates of Tenable Nessus; this is perhaps more a question for the customers rather than for me. Based on what customers typically use, what they need to meet all requirements and security requirements is currently available. However, for some customers, they would like to have more assistance as they are becoming accustomed to AI co-pilots. An AI feature that helps them discover options without requiring them to deep dive into all features or guides them through advisory functions would be beneficial.
For how long have I used the solution?
I have been implementing the product for four or five years.
How are customer service and support?
The technical support from Tenable is adequate. When a customer opened a ticket, they did not reach out to us directly. I know that they opened the ticket but did not get back to us, so I believe the ticket was resolved; otherwise, they would have informed us.
What about the implementation team?
Within the company, we have two people who are dealing with Tenable Nessus. Beyond Tenable Nessus, they are also dealing with Rapid7 scanners as we provide multiple solutions for vulnerability scanning.
What was our ROI?
It remains acceptable for us to use and sell Tenable Nessus because we can still bring in revenue, so it continues to be worthwhile.
What's my experience with pricing, setup cost, and licensing?
Based on my experience, the pricing for Tenable Nessus is somewhat higher, but customers still want to pay for it, so it remains acceptable. The annual price increase of six to seven percent could potentially be lower, which would be beneficial. However, when we compare it to other solutions, it is more difficult for us to negotiate the price for Tenable Nessus than to negotiate the price with Rapid7.
What other advice do I have?
We are not using Tenable Nessus internally; we are only providing it to our customers. The implementation of Tenable Nessus depends on the scenario and is straightforward for us. The implementation process does not take much time for me personally. However, it typically requires at least one day because you need to fine-tune the configuration, as it is not simply setting it up; troubleshooting and fine-tuning also take time. For a simple implementation that is not distributed or large-scale, it usually takes about one day. When we find something in Tenable Nessus, we use automation to help us with that, combining it with automation. For me, this approach is acceptable. My customers do not appear to utilize Tenable Nessus' configuration auditing feature. I have used the reporting features with Tenable Nessus where customers conduct scheduled vulnerability scans plus default scans for CVEs, and they have reporting scheduled to send all reports to the CSOs. As the partner rather than the end user, I do not deal with tickets frequently. I rate the support from Tenable at eight out of ten. I give this review an overall rating of nine out of ten.
User-Friendly IP Scanning with Audit-Friendly Compliance Reports
What do you like best about the product?
It’s very user-friendly to start a basic scan of IP addresses. As a non-developer, I was able to learn the interface quickly and run the scan without much effort. The reports are audit-friendly, and we were able to submit them for compliance purposes.
What do you dislike about the product?
The report is provided in PDF format, so we’re not able to assign specific vulnerabilities to the appropriate teams. It would be very helpful if the reports could also be exported to a format like Excel, so we can allocate vulnerabilities to the respective team members more easily.
What problems is the product solving and how is that benefiting you?
Through DAST scanning, we are able to identify vulnerabilities both immediately after deployment and on a continuous basis. This helps a lot to improve the security posture of the organisation as a whole. We track the security posture through NIST framework and this perfectly fits to improve the score.
Powerful Vulnerability Scanner, Rapid Learning Curve
What do you like best about the product?
I think Tenable Nessus is a very popular toolset that stands out because of its usability, allowing me to learn and use it quickly without requiring extensive training or facing a steep learning curve. Its intuitive nature facilitates swift adoption, making it accessible for our team. Additionally, I value the ability to specify the range of IP address assets and perform both ad-hoc and scheduled scanning. This functionality is crucial for maintaining the integrity and security of our network infrastructure, and it helps us in managing and mitigating vulnerabilities efficiently.
What do you dislike about the product?
I dislike that the pricing of Tenable Nessus has been going up quite significantly recently.
What problems is the product solving and how is that benefiting you?
We use Tenable Nessus to scan for vulnerabilities, improving our organization's cybersecurity by patching and reporting the status of our systems.
User-Friendly and Simple, But Support Scheduling Could Be Faster
What do you like best about the product?
Like how simple it is to use, also user friendly
What do you dislike about the product?
One thing that I dislike that they takes time to schedule call for support
What problems is the product solving and how is that benefiting you?
Help to find vulnerabilities with solution
Simple and Effective, But Limited to One User in Pro Version
What do you like best about the product?
I love the simplicity of Nessus and the ease of use for securing the environment
What do you dislike about the product?
I dislike the fact that the professional version only allows one user
What problems is the product solving and how is that benefiting you?
It helps identify new Windows vulnerabilities in the environment before deploying new servers
Has enabled me to reduce false positives and perform deep credential auditing with seamless integrations
What is our primary use case?
For my use case, I will use Tenable Nessus for my vulnerability assessment. It is a very powerful vulnerability scanning tool with comprehensive coverage, accuracy, and actionable intelligence.
What is most valuable?
I mostly use the configuration audit feature for the audit configuration as a scan policy, and I will use it for credential audit, which helps me scan credentials access such as local administrator or root access, performing a deeper and more accurate check of local configuration settings and file systems, making it a highly recommended feature.
Regarding integration capabilities, we can integrate Tenable Nessus with SIM tools such as Splunk, IBM QRadar, and Azure Sentinel, as well as with ticketing systems such as ServiceNow, Jira, and Slack. There is no complexity as it is very easy to integrate everything.
In terms of the reporting feature, while vulnerability scanning can throw some false positives, Tenable Nessus has very few, achieving a reduction of 75% to 80% false positives with manual analysis needed. We can generate standard Nessus reports that typically include host summaries and vulnerabilities by host and plugin, alongside solutions and remediation recommendations.
The main benefits I get from Tenable Nessus are complete asset inventory and comprehensive attack surface management, allowing us to prioritize vulnerabilities based on risk, focusing on true risk and threat path analysis.
What needs improvement?
Tenable could improve by integrating Gemini or ChatGPT for deeper analysis in risk assessment, making it easier to analyze risks with a simple prompt.
For how long have I used the solution?
I have been working with Tenable Nessus for five years.
What do I think about the stability of the solution?
The stability of Tenable Nessus is extraordinary, not just the best, but extraordinary.
What do I think about the scalability of the solution?
Tenable Nessus is highly scalable, warranting a rating of 9.5 or 10 out of five.
How was the initial setup?
The initial setup for Tenable Nessus is very simple compared to Greenbone, as it is based on a license. There are three kinds of licenses: essential, professional, and enterprise. After purchasing the license from tenable.com, we just download it to our system and enter the key to begin vulnerability scanning.
Which other solutions did I evaluate?
When comparing Tenable Nessus with competitors, I consider Rapid7 and OpenVAS from Greenbone. For web application vulnerability scanning or combined scanning, I go with Tenable Nessus, but if I only want to scan networks and servers, I definitely choose OpenVAS.
What other advice do I have?
Tenable Nessus is very costly compared to OpenVAS and sits on the higher side.
My preferred purchase process for Tenable Nessus is to buy any license directly with Tenable and not through any vendor.
Tenable Nessus is famous, and everyone is using it. On a scale of one to ten, I rate Tenable Nessus a 10.
Essential Tool for Network Security Assessments
What do you like best about the product?
Nessus is easy to use, fast, and highly accurate. I like its wide vulnerability coverage, regular updates, and clear, detailed reports.
What do you dislike about the product?
The user interface can feel a bit outdated, and initial setup or scan tuning may be complex for beginners. Also, advanced features require a paid license.
What problems is the product solving and how is that benefiting you?
Nessus helps us identify and remediate vulnerabilities across our network before they can be exploited. It improves our security posture, supports compliance efforts, and saves time with automated scans and detailed reporting.
Tenable Nessus Professional
What do you like best about the product?
Its easy to setup and config for first time and tenable support is very good. we are using it every quaterly for the infra scan to make sure our infra is safe from vulnrabilities.
What do you dislike about the product?
in reporting for the same vulnerability it will show mutliple cve in differnt rows while exporting which is creating manual effort to clean
What problems is the product solving and how is that benefiting you?
it helps to identfy the vulnerabilities in the infra so that we can protect the data
showing 1 - 10